QwikSec

Security Database

CVE

CWE

Training

CVE-2011-4344

Published: Dec 1, 2011

Modified: Aug 7, 2024

PUBLISHED

Description

Cross-site scripting (XSS) vulnerability in Jenkins Core in Jenkins before 1.438, and 1.409 LTS before 1.409.3 LTS, when a stand-alone container is used, allows remote attackers to inject arbitrary web script or HTML via vectors related to error messages.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

[oss-security] 20111123 Re: CVE request: jenkins

mailing-list

x_refsource_MLIST

vdb-entry

x_refsource_BID

http://www.cloudbees.com/jenkins-advisory/jenkins-security-advisory-2011-11-08.cb

x_refsource_CONFIRM

[oss-security] 20111123 CVE request: jenkins

mailing-list

x_refsource_MLIST

https://github.com/jenkinsci/winstone/commit/410ed3001d51c689cf59085b7417466caa2ded7b.patch

x_refsource_CONFIRM

third-party-advisory

x_refsource_SECUNIA

[jenkinsci-advisories] 20111109 Security advisory in Jenkins Core

mailing-list

x_refsource_MLIST

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.